Jul 29, 2025Ravie LakshmananVulnerability / Software program Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added a high-severity safety vulnerability impacting PaperCutNG/MF print administration software program to its Recognized Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation within the wild.
The vulnerability, tracked as CVE-2023-2533 (CVSS rating: 8.4), is a cross-site request forgery (CSRF) bug that might lead to distant code execution.
“PaperCut NG/MF accommodates a cross-site request forgery (CSRF) vulnerability, which, below particular situations, might probably allow an attacker to change safety settings or execute arbitrary code,” CISA mentioned in an alert.PaperCut NG/MF is often utilized by faculties, companies, and authorities places of work to handle print jobs and management community printers. As a result of the admin console sometimes runs on inner internet servers, an exploited vulnerability right here might give attackers a straightforward foothold into broader methods if missed.
In a possible assault state of affairs, a menace actor might leverage the flaw to focus on an admin person with a present login session, and deceive them into clicking on a specifically crafted hyperlink that results in unauthorized modifications.
It is at the moment not recognized how the vulnerability is being exploited in real-world assaults. However provided that shortcomings within the software program resolution have been abused by Iranian nation-state actors in addition to e-crime teams like Bl00dy, Cl0p, and LockBit ransomware for preliminary entry, it is important that customers apply mandatory updates, if not already.On the time of writing, no public proof-of-concept is out there, however attackers might exploit the bug by a phishing e-mail or a malicious website that methods a logged-in admin into triggering the request. Mitigation requires greater than patching—organizations must also assessment session timeouts, limit admin entry to recognized IPs, and implement robust CSRF token validation.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Govt Department (FCEB) companies are required to replace their cases to a patched model by August 18, 2025.
Admins ought to cross-check with MITRE ATT&CK methods like T1190 (Exploit Public-Going through Software) and T1071 (Software Layer Protocol) to align detection guidelines. For broader context, monitoring PaperCut incidents in relation to ransomware entry factors or preliminary entry vectors may help form long-term hardening methods.
